The default security configuration uses a property file located at <RemoteEngineInstallationDirectory>/etc/users.properties to store authorized users and their passwords. The default user name is tadmin and the associated password is tadmin too. Change the default password by editing the above file before moving Karaf into production.
The users are used for access to the SSH console and the JMX management layer in Karaf, both of which delegate to the same JAAS based security authentication.
The users.properties file contains one or more lines, each line defining a user, its password and the associated roles.
After the Remote Engine starts, the password is encrypted. By default, the encryption is based on Jasypt, using salted SHA-256 algorithm. To modify these settings, edit the <RemoteEngineInstallationDirectory>/etc/org.apache.karaf.jaas.cfg file. For more information, see the Karaf security configuration page.